Risk management in service-oriented architectures


In this thesis we discuss the application of risk management to distributed information systems. We address problems of interoperability and of securing exchanges within DRM systems, and we propose the implementation of this system for the company: it needs to permit the distribution of self-protected content. We then present our participation in the creation of an innovative company which emphasizes the security of information, in particular the management of risks through the ISO/IEC 27005:2011 standard. We present risks related to the use of services, highlighting in particular those which are not technological: we cover the inherent risks in clouds (provider failure, etc.) but also the more insidious aspects of espionage and intrusion into personal data (the PRISM case in June 2013). In the last section, we present a concept of a DRM company which uses metadata to deploy settings in usage control models. We propose a draft formalization of the metadata necessary to implement a security policy and to guarantee compliance with regulations and legislation.

Doctoral thesis, UPPA (ED211 Sciences Exactes et leurs Applications)
Mont de Marsan (Landes), France, 19 December 2013


ISO/IEC 27005:2011, Web Services, WS Security, SOA, Cloud, metadata, personal data, information security, innovative, digital forensics